Upgrade Guide › How to Upgrade CA CloudMinder › Upgrade the CA Identity Management Server

Upgrade the CA Identity Management Server

The Identity Management server is the last server that you upgrade. If you have multiple Identity Management servers, upgrade the primary server first.

Note the following before you upgrade the Identity Management server:

• During a role definition update, Identity Management, and tenants may be inaccessible.
• Do not perform administrative updates when upgrading the CA Identity Management server. Do not upgrade the second instances of Identity Management until the first completes with role definition updates.

Follow these steps:

1. Set the following properties in the backup version of properties.sh:

   _ web_agent_name=camadmin; export web_agent_name

2. SSH into the machine to be upgraded.
3. Verify that a backup of the /tmp/properties.sh file exists.
4. Unzip the new kit for the machine being upgraded into the root file system folder. For example, enter the following commands:

   cd /
   

   unzip -o CAM-IM_kit-version.zip
   

5. Compare the updated properties.sh with the version of the properties.sh file in the tmp/properties.sh file in the kit.
   1. Diff the properties.sh file that you added the properties to and the tmp/properties file by entering the following command:

      diff -y /serverkit/properties.sh /tmp/properties.sh
      

   2. Make appropriate changes to the backup version of properties.sh file as required.
6. Run the upgrade:

   Note: If the following directory has a file named upgradeBackupList.sh, it will have an environment variable named BACKUP_LIST. This variable is an array of file names that will be backed up before the upgrade, and then restored after the upgrade. You may add or remove file names from this list as necessary.

   cd /opt/CA/saas/repo/application/
   

   ./appliance_local.sh   config
   

Verify the upgrade:

1. Verify services are running:

   ps -ef |grep java
   

   JBoss and the DxAgentService should be running.

2. Verify DSA routers are running

   su - dsa
   dxserver status
   

   You should see XXX-cam-tenant-router started.

Upgrade Tenant Backup Files

The system has a file named the upgradeBackupList.sh. This file contains an array of file names to back up before the upgrade, and then restored after the upgrade. If you have additional files that you want to preserve, you can add or remove file names from this list as necessary.

Follow these steps:

1. Find the variable named BACKUP_LIST, line 391 (It is an array enclosed in parenthesis).
2. Insert the filename(s) in each set of quotes separated by spaces and inside the parenthesis.

Session Cookies May Allow Authentication After Log Off

For each tenant, set the <tenant>_ims_realm to persistent. Change the realm to use a persistent session.

Follow these steps:

1. Login to the Cloud Service Provider Console.
2. Navigate to Policies, Domain, Domains.
3. Edit the <tenant>Domain and navigate to Realms tab.
4. Edit <tenant>_ims_realm realm and look for the Session section
5. Change the Session to Persistent.
6. Click OK, and then Submit.
7. Repeat the steps above for all tenants.
8. Refresh the cache by navigating to Administration, Policy Server, Cache Management->Flush All

Set the Connection Type as Your JDBC Connection

After the upgrade, the IdentityMinder server SSO Reporting tasks are missing the JDBC connection information. To correct this, set the connection type as your JDBC connection.

The following tasks are SSO reports that you have to modify:

• SSO-Authentications by Authentication Type Report
• SSO-Unique User Authentications Detail Report
• SSO-Unique User Authentications Summary Report
• SSO-Authentications by Auth type per Application Report
• SSO-User Accesses per Application Report
• SSO-User Access Detail Report
• SSO-User Authentication Detail Report

Follow these steps:

1. Log in to the User Console as the CSP administrator.
2. Select Roles and Tasks, Admin Roles, Modify Admin Task.
3. Search for the tasks listed above.
4. Select the Search tab, and then click Browse to locate the search screen for each task. By default, the search screen will be selected in the list.
5. Edit the search screen for the report task: choose your JDBC connection under Connection Object for the Report.
6. Click Submit.

Back Up Your /tmp/properties.sh Files to a Secure Location For the Next Upgrade

Important! After completing the installation of the product, you must back up the file /tmp/properties.sh file on each server component to a secure location. You need these files for future upgrades because this file contains password information. If you do not have this file backed up from a previous installation or upgrade, you cannot proceed with new upgrades.

Make sure to back up the properties.sh file from the /tmp directory immediately after the upgrade, just as you must do after your initial installation.

The upgrade overwrites these files. After you update the servers in the environment, you use the backup versions of the files to complete the upgrade.

Important! Do not create back-up versions in the /tmp directory, as this directory is volatile. Copy the properties.sh files from your prior installation to each server. In the example below, replace /tmp with the location of your secure backup.

The following procedure places back up files in a serverkit directory.

Follow these steps:

1. On each CA Directory server system, enter the following commands:

   mkdir /serverkit
   

   cp /tmp/properties.sh /serverkit
   

2. On each Provisioning Server and CA IAM Connector Server system, enter the following commands:

   mkdir /serverkit
   

   cp /tmp/properties.sh /serverkit
   

3. On each CA SiteMinder Policy Server, enter the following commands to back up the properties file:

   /tmp/properties.sh 
   

   mkdir /serverkit
   

4. On each SPS system, enter the following commands:

   /tmp/properties.sh 
   

   mkdir /serverkit
   

   cp /tmp/properites.sh /serverkit
   

5. On each Identity Management server, enter the following commands:

   mkdir /serverkit
   

   cp /tmp/properites.sh /serverkit
   

Important! If there is more than one server of each type, back up each properties files on each system. For example, if I have two Directory servers, you must back up each, separate properties file and move them to the serverkit folder.

High-Availability: Layer 7 Gateway Server

The Layer 7 Gateway servers are new components in CA CloudMinder 1.5.

Use this procedure to install the Layer 7 Gateway servers.

Note: These instructions assume you are installing two Gateway servers in a high-availability deployment.

For additional information, see the the complete Layer 7 Installation and Maintenance Manual.